} else {
$page = intval($_GET['page']);
}
$start = $page * 10 - 10;
if ($count < $start + 10) {
$end = $count;
} else {
$end = $start + 10;
}
for ($i = $start; $i < $end; $i++) {
$sizefiles = explode("|", $sizelist);
$selectfile = explode("|", $savelist);
$path = $selectfile[$i];
$fname = ereg_replace(".*[\\/]", "", $path);
$zdir = ereg_replace("[\\/]?[^\\/]*\$", "", $path);
$tfl = strtolower(functions::format($fname));
$df = array("asp", "aspx", "shtml", "htd", "php", "php3", "php4", "php5", "phtml", "htt", "cfm", "tpl", "dtd", "hta", "pl", "js", "jsp");
if (in_array($tfl, $df)) {
echo "{$zdir}/{$fname}";
} else {
echo $zdir . '/<a href="' . $_SERVER['PHP_SELF'] . '?act=arc&file=' . $file . '&f=' . $i . '&start=' . $start . '">' . $fname . '</a>';
}
if ($sizefiles[$i] != "0") {
$sizekb = round($sizefiles[$i] / 1024, 2);
echo " ({$sizekb} кб)";
}
echo '<br/>';
}
if ($count > 10) {
echo "<hr/>";
$ba = ceil($count / 10);
$adrfile = mysql_fetch_array($file1);
if ($file1 == 0 || !is_file("{$adrfile['adres']}/{$adrfile['name']}")) {
echo functions::display_error($lng_dl['file_select_error'], '<a href="index.php">' . $lng['back'] . '</a>');
require_once '../incfiles/end.php';
exit;
}
if (isset($_POST['submit'])) {
$scrname = $_FILES['screens']['name'];
$scrsize = $_FILES['screens']['size'];
$scsize = GetImageSize($_FILES['screens']['tmp_name']);
$scwidth = $scsize[0];
$scheight = $scsize[1];
$ffot = strtolower($scrname);
$dopras = array("gif", "jpg", "png");
if ($scrname != "") {
$formfot = functions::format($ffot);
if (!in_array($formfot, $dopras)) {
echo $lng_dl['screenshot_upload_error'] . '<br/><a href="index.php?act=screen&file=' . $file . '">' . $lng['repeat'] . '</a><br/>';
require_once '../incfiles/end.php';
exit;
}
if ($scwidth > 320 || $scheight > 320) {
echo $lng_dl['screenshot_size_error'] . '<br/><a href="index.php?act=screen&file=' . $file . '">' . $lng['repeat'] . '</a><br/>';
require_once '../incfiles/end.php';
exit;
}
if (preg_match("/[^\\da-z_\\-.]+/", $scrname)) {
echo $lng_dl['screenshot_name_error'] . "<br/><a href='?act=screen&file=" . $file . "'>" . $lng['repeat'] . "</a><br/>";
require_once '../incfiles/end.php';
exit;
}
*/
defined('_IN_JOHNCMS') or die('Error: restricted access');
require_once "../incfiles/head.php";
echo '<div class="phdr">' . $lng['new_files'] . '</div>';
$req = mysql_query("SELECT COUNT(*) FROM `download` WHERE `time` > '" . (time() - 259200) . "' AND `type` = 'file'");
$total = mysql_result($req, 0);
if ($total > 0) {
////////////////////////////////////////////////////////////
// Выводим список новых файлов //
////////////////////////////////////////////////////////////
$req = mysql_query("SELECT * FROM `download` WHERE `time` > '" . (time() - 259200) . "' AND `type` = 'file' ORDER BY `time` DESC LIMIT {$start},{$kmess}");
while ($newf = mysql_fetch_array($req)) {
echo $i % 2 ? '<div class="list2">' : '<div class="list1">';
$fsz = filesize("{$newf['adres']}/{$newf['name']}");
$fsz = round($fsz / 1024, 2);
$ft = functions::format("{$newf['adres']}/{$newf['name']}");
switch ($ft) {
case "mp3":
$imt = "mp3.png";
break;
case "zip":
$imt = "rar.png";
break;
case "jar":
$imt = "jar.png";
break;
case "gif":
$imt = "gif.png";
break;
case "jpg":
$imt = "jpg.png";
$req_u = mysql_query("SELECT `id`, `name`, `sex`, `rights`, `lastdate`, `status`, `datereg`, `ip`, `browser` FROM `users` WHERE `id` = '" . $res['user_id'] . "'");
$res_u = mysql_fetch_assoc($req_u);
echo $i % 2 ? '<div class="list2">' : '<div class="list1">';
// Выводим текст поста
$text = mb_substr($res['text'], 0, 500);
$text = functions::checkout($text, 1, 0);
$text = preg_replace('#\\[c\\](.*?)\\[/c\\]#si', '', $text);
$page = ceil(mysql_result(mysql_query("SELECT COUNT(*) FROM `forum` WHERE `refid` = '" . $res['topic'] . "' AND `id` " . ($set_forum['upfp'] ? ">=" : "<=") . " '" . $res['post'] . "'"), 0) / $kmess);
$text = '<b><a href="index.php?id=' . $res['topic'] . '&page=' . $page . '">' . $res['topicname'] . '</a></b><br />' . $text;
if (mb_strlen($res['text']) > 500) {
$text .= '<br /><a href="index.php?act=post&id=' . $res['post'] . '">' . $lng_forum['read_all'] . ' >></a>';
}
// Формируем ссылку на файл
$fls = @filesize('../files/forum/attach/' . $res['filename']);
$fls = round($fls / 1024, 0);
$att_ext = strtolower(functions::format('./files/forum/attach/' . $res['filename']));
$pic_ext = array('gif', 'jpg', 'jpeg', 'png');
if (in_array($att_ext, $pic_ext)) {
// Если картинка, то выводим предпросмотр
$file = '<div><a href="index.php?act=file&id=' . $res['id'] . '">';
$file .= '<img src="thumbinal.php?file=' . urlencode($res['filename']) . '" alt="' . $lng_forum['click_to_view'] . '" /></a></div>';
} else {
// Если обычный файл, выводим значок и ссылку
$file = ($res['del'] ? '<img src="../images/del.png" width="16" height="16" />' : '') . '<img src="../images/system/' . $res['filetype'] . '.png" width="16" height="16" /> ';
}
$file .= '<a href="index.php?act=file&id=' . $res['id'] . '">' . htmlspecialchars($res['filename']) . '</a><br />';
$file .= '<small><span class="gray">' . $lng_forum['size'] . ': ' . $fls . ' kb.<br />' . $lng_forum['downloaded'] . ': ' . $res['dlcount'] . ' ' . $lng_forum['time'] . '</span></small>';
$arg = array('iphide' => 1, 'sub' => $file, 'body' => $text);
echo functions::display_user($res_u, $arg);
echo '</div>';
}
<input type="text" name="page" size="2"/><input type="submit" value="Go!"/></form></div>';
}
break;
case 'upload':
$c = '../images/smileys/user/' . $do . '/';
if (!is_dir($c)) {
echo functions::display_error($lng['error_wrong_data']);
echo '<p><a href="index.php">' . $lng['admin_panel'] . '</a></p>';
require_once '../incfiles/end.php';
exit;
}
$name_cat = $lng_smileys[$do] ? $lng_smileys[$do] : $do;
echo '<div class="mainblok"><div class="phdr"><a href="?act=smileys&do=' . $do . '&mod=show_cat"><b>' . htmlspecialchars($name_cat) . '</b></a>
| Upload</div>';
if (isset($_POST['submit'])) {
$format = functions::format($_FILES['smiley']['name']);
$_FILES['smiley']['name'] = str_replace('.' . $format, '', strtolower($_FILES['smiley']['name']));
$name = $_POST['name'] ? $_POST['name'] : $_FILES['smiley']['name'];
$name = functions::rus_lat($name);
$name = preg_replace('/[^_a-z0-9]/i', '', $name);
$glob = glob('../images/smileys/user/*/*.{gif,jpg,png}', GLOB_BRACE);
foreach ($glob as $val) {
$val = explode('/', $val);
$val = array_pop($val);
$val = str_replace('.' . $format, '', $val);
if ($val == $name) {
$i = 1;
}
}
if ($i) {
$error[] = 'Smile with the same name already exists.';
$quality = 100;
$x_ratio = $razm / $width;
$y_ratio = $razm / $height;
if ($width <= $razm && $height <= $razm) {
$tn_width = $width;
$tn_height = $height;
} else {
if ($x_ratio * $height < $razm) {
$tn_height = ceil($x_ratio * $height);
$tn_width = $razm;
} else {
$tn_width = ceil($y_ratio * $width);
$tn_height = $razm;
}
}
$format = functions::format($infile);
switch ($format) {
case "gif":
$im = ImageCreateFromGIF($infile);
break;
case "jpg":
$im = ImageCreateFromJPEG($infile);
break;
case "jpeg":
$im = ImageCreateFromJPEG($infile);
break;
case "png":
$im = ImageCreateFromPNG($infile);
break;
}
$im1 = imagecreatetruecolor($tn_width, $tn_height);
echo "ERROR<br/><a href='index.php'>Back</a><br/>";
require_once '../incfiles/end.php';
exit;
}
$rz = mysql_query("select * from `gallery` where type='rz' and id='" . $ms['refid'] . "';");
$rz1 = mysql_fetch_array($rz);
if (!empty($_SESSION['uid']) && $rz1['user'] == 1 && $ms['text'] == $login || $rights >= 6) {
$text = functions::check($_POST['text']);
$dopras = array("gif", "jpg", "png");
$tff = implode(" ,", $dopras);
$ftsz = $set['flsz'] / 5;
$fname = $_FILES['fail']['name'];
$fsize = $_FILES['fail']['size'];
if ($fname != "") {
$ffail = strtolower($fname);
$formfail = functions::format($ffail);
if (preg_match("/php/i", $ffail) or preg_match("/.pl/i", $fname) or $fname == ".htaccess") {
echo "Trying to send a file type of prohibited.<br/><a href='index.php?act=upl&id=" . $id . "'>" . $lng['repeat'] . "</a><br/>";
require_once '../incfiles/end.php';
exit;
}
if ($fsize >= 1024 * $ftsz) {
echo "Weight file exceeds {$ftsz} kB<br/><a href='index.php?act=upl&id=" . $id . "'>" . $lng['repeat'] . "</a><br/>";
require_once '../incfiles/end.php';
exit;
}
if (!in_array($formfail, $dopras)) {
echo "Allowed only the following file types: {$tff} !.<br/><a href='index.php?act=upl&id=" . $id . "'>" . $lng['repeat'] . "</a><br/>";
require_once '../incfiles/end.php';
exit;
}
defined('_IN_JOHNCMS') or die('Error: restricted access');
if (empty($_GET['n'])) {
require '../incfiles/head.php';
echo functions::display_error($lng['error_wrong_data']);
require '../incfiles/end.php';
exit;
}
$n = trim($_GET['n']);
$o = opendir("../files/forum/topics");
while ($f = readdir($o)) {
if ($f != "." && $f != ".." && $f != "index.php" && $f != ".htaccess") {
$ff = functions::format($f);
$f1 = str_replace(".{$ff}", "", $f);
$a[] = $f;
$b[] = $f1;
}
}
$tt = count($a);
if (!in_array($n, $b)) {
require_once '../incfiles/head.php';
echo functions::display_error($lng['error_wrong_data']);
require_once '../incfiles/end.php';
exit;
}
for ($i = 0; $i < $tt; $i++) {
$tf = functions::format($a[$i]);
$tf1 = str_replace(".{$tf}", "", $a[$i]);
if ($n == $tf1) {
header("Location: ../files/forum/topics/{$n}.{$tf}");
}
}
// Считаем новые файлы в подкаталогах
$req = mysql_query("SELECT COUNT(*) FROM `download` WHERE `type` = 'file' AND `adres` LIKE '" . ($zap2['adres'] . '/' . $zap2['name']) . "%' AND `time` > '" . (time() - 259200) . "'");
$g1 = mysql_result($req, 0);
echo "({$g}";
if ($g1 != 0) {
echo "/+{$g1})</div>";
} else {
echo ")</div>";
}
}
////////////////////////////////////////////////////////////
// Выводим cписок файлов //
////////////////////////////////////////////////////////////
if ($totalfile > 0 && $zap2['type'] == 'file') {
echo '<div class="list2">';
$ft = functions::format($zap2['name']);
switch ($ft) {
case "mp3":
$imt = "mp3.png";
break;
case "zip":
$imt = "rar.png";
break;
case "jar":
$imt = "jar.png";
break;
case "gif":
$imt = "gif.png";
break;
case "jpg":
$imt = "jpg.png";
$ms = mysql_fetch_array($typ);
if ($id != 0 && $ms['type'] != "cat") {
echo "";
require_once '../incfiles/end.php';
exit;
}
if ($ms['ip'] == 0) {
if (isset($_POST['submit'])) {
if (empty($_POST['name'])) {
echo functions::display_error($lng['error_empty_title'], '<a href="index.php?act=load&id=' . $id . '">' . $lng['repeat'] . '</a>');
require_once '../incfiles/end.php';
exit;
}
$name = mb_substr($_POST['name'], 0, 50);
$fname = $_FILES['fail']['name'];
$ftip = functions::format($fname);
$ftip = strtolower($ftip);
if ($fname != "") {
if (eregi("[^a-z0-9.()+_-]", $fname)) {
echo "Invalid file name<br /><a href='index.php?act=load&id=" . $id . "'>" . $lng['repeat'] . "</a><br/>";
require_once '../incfiles/end.php';
exit;
}
if (preg_match("/.php/i", $fname) or preg_match("/.pl/i", $fname) or $fname == ".htaccess") {
echo "Invalid file format<br/><a href='index.php?act=load&id=" . $id . "'>" . $lng['repeat'] . "</a><br/>";
require_once '../incfiles/end.php';
exit;
}
if ($ftip != "txt") {
echo "This is not a text file<br/><a href='index.php?act=load&id=" . $id . "'>" . $lng['repeat'] . "</a><br/>";
require_once '../incfiles/end.php';
require_once "../incfiles/head.php";
if ($rights == 4 || $rights >= 6) {
if (empty($_GET['cat'])) {
$loaddir = $loadroot;
} else {
$cat = intval($_GET['cat']);
provcat($cat);
$cat1 = mysql_query("select * from `download` where type = 'cat' and id = '" . $cat . "';");
$adrdir = mysql_fetch_array($cat1);
$loaddir = "{$adrdir['adres']}/{$adrdir['name']}";
}
if (isset($_POST['submit'])) {
$url = trim($_POST['url']);
$opis = functions::check($_POST['opis']);
$newn = functions::check($_POST['newn']);
$tipf = functions::format($url);
if (eregi("[^a-z0-9.()+_-]", $newn)) {
echo "В новом названии файла <b>{$newn}</b> присутствуют недопустимые символы<br/>Разрешены только латинские символы, цифры и некоторые знаки ( .()+_- )<br /><a href='?act=import&cat=" . $cat . "'>Повторить</a><br/>";
require_once '../incfiles/end.php';
exit;
}
$import = "{$loaddir}/{$newn}.{$tipf}";
$files = file("{$import}");
if (!$files) {
if (copy($url, $import)) {
$ch = "{$newn}.{$tipf}";
echo "Файл успешно загружен<br/>";
mysql_query("insert into `download` values(0,'{$cat}','" . mysql_real_escape_string($loaddir) . "','" . time() . "','" . mysql_real_escape_string($ch) . "','file','','','','" . $opis . "','');");
} else {
echo "Загрузка файла не удалась!<br/>";
}
